'\" et
.TH CRYPT "3P" 2017 "IEEE/The Open Group" "POSIX Programmer's Manual"
.\"
.SH PROLOG
This manual page is part of the POSIX Programmer's Manual.
The Linux implementation of this interface may differ (consult
the corresponding Linux manual page for details of Linux behavior),
or the interface may not be implemented on Linux.
.\"
.SH NAME
crypt
\(em string encoding function
(\fBCRYPT\fP)
.SH SYNOPSIS
.LP
.nf
#include <unistd.h>
.P
char *crypt(const char *\fIkey\fP, const char *\fIsalt\fP);
.fi
.SH DESCRIPTION
The
\fIcrypt\fR()
function is a string encoding function. The algorithm is
implementation-defined.
.P
The
.IR key
argument points to a string to be encoded. The
.IR salt
argument shall be a string of at least two bytes in length not
including the null character chosen from the set:
.sp
.RS 4
.nf

a b c d e f g h i j k l m n o p q r s t u v w x y z
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
0 1 2 3 4 5 6 7 8 9 . /
.fi
.P
.RE
.P
The first two bytes of this string may be used to perturb the
encoding algorithm.
.P
The return value of
\fIcrypt\fR()
points to static data that is overwritten by each call.
.P
The
\fIcrypt\fR()
function need not be thread-safe.
.SH "RETURN VALUE"
Upon successful completion,
\fIcrypt\fR()
shall return a pointer to the encoded string. The first two bytes
of the returned value shall be those of the
.IR salt
argument. Otherwise, it shall return a null pointer and set
.IR errno
to indicate the error.
.SH ERRORS
The
\fIcrypt\fR()
function shall fail if:
.TP
.BR ENOSYS
The functionality is not supported on this implementation.
.LP
.IR "The following sections are informative."
.SH EXAMPLES
.SS "Encoding Passwords"
.P
The following example finds a user database entry matching a particular
user name and changes the current password to a new password. The
\fIcrypt\fR()
function generates an encoded version of each password. The
first call to
\fIcrypt\fR()
produces an encoded version of the old password; that encoded password
is then compared to the password stored in the user database. The
second call to
\fIcrypt\fR()
encodes the new password before it is stored.
.P
The
\fIputpwent\fR()
function, used in the following example, is not part of POSIX.1\(hy2008.
.sp
.RS 4
.nf

#include <unistd.h>
#include <pwd.h>
#include <string.h>
#include <stdio.h>
\&...
int valid_change;
int pfd;  /* Integer for file descriptor returned by open(). */
FILE *fpfd;  /* File pointer for use in putpwent(). */
struct passwd *p;
char user[100];
char oldpasswd[100];
char newpasswd[100];
char savepasswd[100];
\&...
valid_change = 0;
while ((p = getpwent()) != NULL) {
    /* Change entry if found. */
    if (strcmp(p->pw_name, user) == 0) {
        if (strcmp(p->pw_passwd, crypt(oldpasswd, p->pw_passwd)) == 0) {
            strcpy(savepasswd, crypt(newpasswd, user));
            p->pw_passwd = savepasswd;
            valid_change = 1;
        }
        else {
            fprintf(stderr, "Old password is not valid\en");
        }
    }
    /* Put passwd entry into ptmp. */
    putpwent(p, fpfd);
}
.fi
.P
.RE
.SH "APPLICATION USAGE"
The values returned by this function need not be portable among
XSI-conformant systems.
.P
Several implementations offer extensions via characters outside
of the set specified for the
.IR salt
argument for specifying alternative algorithms; while not portable, these
extensions may offer better security. The use of
\fIcrypt\fR()
for anything other than password hashing is not recommended.
.SH RATIONALE
None.
.SH "FUTURE DIRECTIONS"
None.
.SH "SEE ALSO"
.IR "\fIencrypt\fR\^(\|)",
.IR "\fIsetkey\fR\^(\|)"
.P
The Base Definitions volume of POSIX.1\(hy2017,
.IR "\fB<unistd.h>\fP"
.\"
.SH COPYRIGHT
Portions of this text are reprinted and reproduced in electronic form
from IEEE Std 1003.1-2017, Standard for Information Technology
-- Portable Operating System Interface (POSIX), The Open Group Base
Specifications Issue 7, 2018 Edition,
Copyright (C) 2018 by the Institute of
Electrical and Electronics Engineers, Inc and The Open Group.
In the event of any discrepancy between this version and the original IEEE and
The Open Group Standard, the original IEEE and The Open Group Standard
is the referee document. The original Standard can be obtained online at
http://www.opengroup.org/unix/online.html .
.PP
Any typographical or formatting errors that appear
in this page are most likely
to have been introduced during the conversion of the source files to
man page format. To report such errors, see
https://www.kernel.org/doc/man-pages/reporting_bugs.html .
